Testing ports through firewall

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Testing ports through firewall

warron.french
Hello Community, and Merry Christmas/Happy Seasons Greetings,
   anyway, I need some help with understanding an openssl feature - s_server.

I executed the following command:  openssl s_server -accept 21937 -www &
And immediately got the following output:
[1] 3286
[sysadm@wfrench-rhel6c-cit ~]$ Error opening server certificate private key file server.pem
140679739017032:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('server.pem','r')
140679739017032:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load server certificate private key file


In order to test ports that are not encrypted with SSL/TLS do I still have to generate a certificate and private key file (each)?

I would like to test ports from one machine using openssl s_client against a remote machine on an opposing network, running a "listener", using openssl s_server.

Perhaps I am way off?  I am not allowed to use openssl for this sort of thing?
Any guidance would be greatly appreciated because I want to expand my understanding of the openssl suite of commands and its offerings.


Have a nice day,
--------------------------
Warron French


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Testing ports through firewall

Jakob Bohm-7
On 21/12/2017 14:36, warron.french wrote:

> Hello Community, and Merry Christmas/Happy Seasons Greetings,
>    anyway, I need some help with understanding an openssl feature -
> *s_server*.
>
> I executed the following command: openssl s_server -accept 21937 -www &
> And immediately got the following output:
> [1] 3286
> [sysadm@wfrench-rhel6c-cit ~]$ Error opening server certificate
> private key file server.pem
> 140679739017032:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:398:fopen('server.pem','r')
> 140679739017032:error:20074002:BIO routines:FILE_CTRL:system
> lib:bss_file.c:400:
> unable to load server certificate private key file
>
> In order to test ports that are not encrypted with SSL/TLS do I still
> have to generate a certificate and private key file (each)?
>
> I would like to test ports from one machine using openssl s_client
> against a remote machine on an opposing network, running a "listener",
> using openssl s_server.
>
> Perhaps I am way off?  I am not allowed to use openssl for this sort
> of thing?
> Any guidance would be greatly appreciated because I want to expand my
> understanding of the openssl suite of commands and its offerings.
>
>
Any normal SSL/TLS server needs a certificate.  For testing the
certificate doesn't have to be "real" (from a trusted public CA).
A dummy certificate for a server named "computer.example.com" can
be generated using the command:

openssl req -x509 -days 365 -newkey:rsa:2048 -nodes -keyout server.key
-out server.pem -subj /CN=computer.example.com/O=test/C=US


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Testing ports through firewall

Sai Teja Chowdary-2
In reply to this post by warron.french
Hi, 
You can test ports with OpenSSL. But you gotta need a certificate for your s_server. You can generate a self signed certificate with openssl.
Try this

And place that file in the dir were you are running the s_server command, or can use -cert argument to give the generated certificate.

And from the s_client connect to the port that you are listening with s_server

Client:
openssl s_client -connect hostname:port

Server:
openssl s_server -accept PORT 

Regards

Saiteja.

On 21-Dec-2017 7:07 PM, "warron.french" <[hidden email]> wrote:
Hello Community, and Merry Christmas/Happy Seasons Greetings,
   anyway, I need some help with understanding an openssl feature - s_server.

I executed the following command:  openssl s_server -accept 21937 -www &
And immediately got the following output:
[1] 3286
[sysadm@wfrench-rhel6c-cit ~]$ Error opening server certificate private key file server.pem
140679739017032:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('server.pem','r')
140679739017032:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load server certificate private key file


In order to test ports that are not encrypted with SSL/TLS do I still have to generate a certificate and private key file (each)?

I would like to test ports from one machine using openssl s_client against a remote machine on an opposing network, running a "listener", using openssl s_server.

Perhaps I am way off?  I am not allowed to use openssl for this sort of thing?
Any guidance would be greatly appreciated because I want to expand my understanding of the openssl suite of commands and its offerings.


Have a nice day,
--------------------------
Warron French


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users